The Mole: automatic SQL Injection

Si están buscando herramientas para SQL injection "The Mole" es una buena alternativa a tener en cuenta.



Desde su web nos dicen

The Mole is an automatic SQL Injection exploitation tool. Only by providing a vulnerable URL and a valid string on the site it can detect the injection and exploit it, either by using the union technique or a boolean query based technique. 
Features
  • Support for injections using Mysql, SQL Server, Postgres and Oracle databases.
  • Command line interface. Different commands trigger different actions.
  • Auto-completion for commands, command arguments and database, table and columns names.
  • Support for filters, in order to bypass certain IPS/IDS rules using generic filters, and the possibility of creating new ones easily.
  • Exploits SQL Injections through GET/POST/Cookie parameters.
  • Developed in python 3.
  • Exploits SQL Injections that return binary data.
  • Powerful command interpreter to simplify its usage.
Disclaimer: Usage of The Mole for attacking web servers without mutual consent can be considered as an illegal activity. It is the final user's responsibility to obey all applicable local, state and federal laws. Authors assume no liability and are not responsible for any misuse or damage caused by this program.
Pueden descargarlo desde acá. Realizada en Python y opensource.

Link del día: cómo presentar un reporte de pentesting

Incursionar en el pentesting es sumamente interesante dentro de la línea de seguridad de sistemas, en este link van a encontrar un ejemplo de reporte de pentest realizado por la gente de offensive security

http://hotfixed.net/2012/03/01/ejemplo-de-reporte-para-pentest-offensive-security/


El link de descarga directa del ejemplo de reporte en PDF
http://www.offensive-security.com/penetration-testing-sample-report.pdf

-- Desde Mi iPad